OpenID Foundation Meeting: what is OpenID today?
Earlier this year, Jem Stone blogged that the BBC had joined the OpenID Foundation.
And a week ago, the BBC hosted a meeting of the OpenID Foundation Content Provider Advisory Committee in New York.
I was there, among the BBC people and participants from major media companies. This was the first time that we had participation from a wide collection of companies interested in the possibilities of OpenID.
There is more detail about the meeting at the Foundation's blog.
The committee gathered quite a selection of companies interested in understanding how web audiences can benefit from OpenID and where it fits into the business of a media or content company.
So what is OpenID?
The concept is simple.
OpenID eliminates the need for multiple usernames across different websites, simplifying your online experience. It's based on a federated approach and relatively simple standards. Open source solutions are available for both providers and consumers.
While the original protocol for Open ID was developed in 2005, significant changes happened only last year. Big internet players like Yahoo!, MySpace, AOL, Google as well as telecoms like Orange and Telecom Italia joined the fray and are now offering OpenIDs to users. They are "identity providers".
Participants at the OpenID Foundation Content Provider Advisory Committe meeting
By the end of September 2007, over 22,000 sites were accepting OpenID logins.
However, as you may note from the numbers above, the landscape is unbalanced: there are a few big providers and myriad small consumers. Only bloggers and a few social sites show a balanced model where sites are providers and consumers at the same time.
There's a strong sense of momentum, but it needs a slightly more critical approach.
On paper, there are hundreds of millions of OpenID-enabled users. In practice, these are potential users and few of them even know that OpenID exists. Figures on the real adoption rate are not easy to obtain and the precise profile of initial users is even more difficult.
At first glance, it would be easy to define OpenID as just a geek's wave - a phenomenon limited to a small proportion of web-savvy people actively participating on different blogs or present in multiple social spaces. And the cynical might say that the big internet players' participation is an identity landgrab - taking part in OpenID in case something significant develops.
For average users, the OpenID user experience is still very poor, for two main reasons:
- First, you can be redirected from one website (the one accepting the identifier) to a different domain (that of the provider) and then returned to the first. This is confusing for an average user, especially if different wording, layout and styles are used. The attribute exchange part of the OpenID protocol works: it's a good idea to exchange the registration parameters and to simplify steps at the receiving site. However, if implemented badly (or not implemented at all), it adds even more confusion to the journey. The confusion also adds a weak point where scammers and phishers can jump in.
- Second, all users are familiar with the username and password as the login paradigm. Suddenly using URLs, like http://openid.foo.bar/john/smith, may be difficult for a mainstream user to understand.
(However, the so-called "Generation @", which uses instant messaging and social spaces as well as traditional email, is aging, and so the main audience segments will be people used to representing themselves with the URL of a blog, MySpace profile or Flickr account).
Security is also not at the level that I (and the BBC) want to see. With improvements around the corner, this will improve. But more complex problems are responsibility and liability in the case of misuse. Who is responsible in a fully federated system?
Let's return to my first question. Where is the value for our audience and where is the business case for a media company?
It is difficult to give a precise answer today, but two aspects are emerging.
- First, an OpenID ecosystem that is simple to use and which allows sharing of user attributes would help with the migration of users from site to site. This can be a simple way to offer progressive services and content to new users.
- Second, OpenID can be used to make participation in social features much wider. Participation can be opened up as much as possible to avoid limiting it to a single social site.
So what's the value for audiences?
• Better personalised or localised services without the burden of full registration
• An "appetiser" before accessing the full menu of services
• More freedom to pick a social site and "be yourself" independently of the web platform used
And what would businesses and media providers get out of OpenID?
• Better user acquisition rate and lower cost per user
• Wider user base for social features and more space to develop viral effects
• More flexibility in making agreements with social sites
Of course, the high figures of potential OpenID users must be matched with the real adoption rate and the demographics of "Generation @".
What can the BBC and others do, in addition to watching from the coast what's happening in the OpenID ocean?
Here are some simple possibilities:
• Work on best practice shared among providers and consumers.
• Improve radically the user experience and simplify it to so that it is more intuitive and easier for mainstream users - the user experience is shared and needs to be modified in co-operation between providers and consumers
• Share basic registration data, with the explicit approval of the user. Email and date of birth are essential and other data desirable. This is a core point for any content provider to become a consumer of OpenID.
• Work on common presentation and explanation of OpenID - part of the BBC's mission to "educate" - to make people ready for Internet of today and tomorrow...
An informal working group and a simple prototype or pilot applications is probably the best way to continue the work.
It's important that this is shared among providers and media companies so that all aspects of the OpenID ecosystem can be tested and improved.
How do you think OpenID could be improved and how do you think it could be used?
What do you think the BBC should do?
Please do leave a comment.
Zac Bjelogrlic is Programme Manager, BBC Future Media & Technology.